deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

added exce rule

Browse Source
This commit is contained in:
Justin Hall 2018-06-28 10:40:20 -07:00
parent bf33052469
commit 498e2267c3
4 changed files with 37 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
View File

@ -198,7 +198,7 @@ Path Publisher
Where `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the **Publisher** name and `WORDPAD.EXE` is the **File** name. Where `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the **Publisher** name and `WORDPAD.EXE` is the **File** name.
### Import a list of apps ### Import a list of apps
For this example, were going to add an AppLocker XML file to the **Protected apps** list. Youll use this option if you want to add multiple apps at the same time. For more info about AppLocker, see the [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) content. For this example, were going to add an AppLocker XML file to the **Protected apps** list. Youll use this option if you want to add multiple apps at the same time. The first example shows how to create a Packaged App rule for Store apps. The second example shows how to create an Executable rule by using a path for unsigned apps. For more info about AppLocker, see the [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) content.
**To create a list of protected apps using the AppLocker tool** **To create a list of protected apps using the AppLocker tool**
1. Open the Local Security Policy snap-in (SecPol.msc). 1. Open the Local Security Policy snap-in (SecPol.msc).
@ -273,6 +273,39 @@ For this example, were going to add an AppLocker XML file to the **Protected
12. After youve created your XML file, you need to import it by using Microsoft Intune. 12. After youve created your XML file, you need to import it by using Microsoft Intune.
**To create an Executable rule and xml file for unsigned apps**
1. Open the Local Security Policy snap-in (SecPol.msc).
2. In the left pane, click **Application Control Policies** > **AppLocker** > **Executable Rules**.
3. Right-click **Executable Rules** > **Create New Rule**.
![Local security snap-in, showing the Executable Rules](images/create-new-path-rule.png)
4. On the **Before You Begin** page, click **Next**.
5. On the **Permissions** page, make sure the **Action** is set to **Allow** and the **User or group** is set to **Everyone**, and then click **Next**.
6. On the **Conditions** page, click **Path** and then click **Next**.
![Create Packaged app Rules wizard, showing the Publisher](images/path-condition.png)
7. Click **Browse Folders...** and select the path for the unsigned apps. For this example, were using "C:\Program Files".
![Create Packaged app Rules wizard, showing the Select applications page](images/select-path.png)
8. On the **Exceptions** page, add any exceptions and then click **Next**.
9. On the **Name** page, type a name and description for the rule and then click **Create**.
10. In the left pane, right-click **AppLocker** > **Export policy**.
11. In the **Export policy** box, browse to where the policy should be stored, give the policy a name, and then click **Save**.
The policy is saved and youll see a message that says 1 rule was exported from the policy.
12. After youve created your XML file, you need to import it by using Microsoft Intune.
**To import a list of protected apps using Microsoft Intune** **To import a list of protected apps using Microsoft Intune**
1. In **Protected apps**, click **Import apps**. 1. In **Protected apps**, click **Import apps**.

35
windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md
View File

@ -193,7 +193,7 @@ In this example, you'd get the following info:
Where the text, `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the publisher name to enter in the **Publisher Name** box. Where the text, `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the publisher name to enter in the **Publisher Name** box.
### Add an AppLocker policy file ### Add an AppLocker policy file
Now were going to add an AppLocker XML file to the **App Rules** list. Youll use this option if you want to add multiple apps at the same time. The first example shows how to create a Packaged App rule for Store apps. The second example shows how to create an Executable rule by using a path for unsigned apps. For more info, see [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview). Now were going to add an AppLocker XML file to the **App Rules** list. Youll use this option if you want to add multiple apps at the same time. For more info, see [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview).
**To create a Packaged App rule rule and xml file** **To create a Packaged App rule rule and xml file**
1. Open the Local Security Policy snap-in (SecPol.msc). 1. Open the Local Security Policy snap-in (SecPol.msc).
@ -260,39 +260,6 @@ Now were going to add an AppLocker XML file to the **App Rules** list. You
``` ```
12. After youve created your XML file, you need to import it by using Microsoft Intune. 12. After youve created your XML file, you need to import it by using Microsoft Intune.
**To create an Executable rule and xml file for unsigned apps**
1. Open the Local Security Policy snap-in (SecPol.msc).
2. In the left pane, click **Application Control Policies** > **AppLocker** > **Executable Rules**.
3. Right-click **Executable Rules** > **Create New Rule**.
![Local security snap-in, showing the Executable Rules](images/create-new-path-rule.png)
4. On the **Before You Begin** page, click **Next**.
5. On the **Permissions** page, make sure the **Action** is set to **Allow** and the **User or group** is set to **Everyone**, and then click **Next**.
6. On the **Conditions** page, click **Path** and then click **Next**.
![Create Packaged app Rules wizard, showing the Publisher](images/path-condition.png)
7. Click **Browse Folders...** and select the path for the unsigned apps. For this example, were using "C:\Program Files".
![Create Packaged app Rules wizard, showing the Select applications page](images/select-path.png)
8. On the **Exceptions** page, add any exceptions and then click **Next**.
9. On the **Name** page, type a name and description for the rule and then click **Create**.
10. In the left pane, right-click **AppLocker** > **Export policy**.
11. In the **Export policy** box, browse to where the policy should be stored, give the policy a name, and then click **Save**.
The policy is saved and youll see a message that says 1 rule was exported from the policy.
12. After youve created your XML file, you need to import it by using Microsoft Intune.
**To import your Applocker policy file app rule using Microsoft Intune** **To import your Applocker policy file app rule using Microsoft Intune**
1. From the **App Rules** area, click **Add**. 1. From the **App Rules** area, click **Add**.

BIN
windows/security/information-protection/windows-information-protection/images/path-condition.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 28 KiB

After

Width:  |  Height:  |  Size: 35 KiB

4
windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
View File

@ -1,5 +1,5 @@
--- ---
title: Introduction to Windows Defender Device Guard - virtualization-based security and code integrity policies (Windows 10) title: Windows Defender Device Guard - virtualization-based security and code integrity policies (Windows 10)
description: Microsoft Windows Defender Device Guard is a feature set that consists of both hardware and software system integrity hardening features that revolutionize the Windows operating systems security. description: Microsoft Windows Defender Device Guard is a feature set that consists of both hardware and software system integrity hardening features that revolutionize the Windows operating systems security.
keywords: virtualization, security, malware keywords: virtualization, security, malware
ms.prod: w10 ms.prod: w10
@ -9,7 +9,7 @@ author: mdsakibMSFT
ms.date: 04/19/2018 ms.date: 04/19/2018
--- ---
# Introduction to Windows Defender Device Guard: virtualization-based security and Windows Defender Application Control # Windows Defender Device Guard: virtualization-based security and Windows Defender Application Control
**Applies to** **Applies to**
- Windows 10 - Windows 10